Symetrical encryption algo's?

casper_the_ghost · October 29, 2006, 2:56pm

hi -

I have a feeling I’m missing something, but if all you want to do is
generate obfuscated URLs, why not just the the SHA1-hash of a string
consisting of the “real” url and the user’s name? You can store the
generated urls in the server-side user-session so you don’t have to do any
decrypting.

is there a way to de-sha1 these hashed results to get the original data?
and to do the shash with a specific key?
all i could find was:

       res = Digest::SHA1.hexdigest(str)

whats the reverse of this,
and where is the key from?

we need to pass URLs back and forth from a ruby site to a PHP site. so
i was looking for a reasonably easy algorithm that would work for
both. I’ve had problems with blowfish on PHP giving different results
on different OSs. So i dont really want to risk something more obscure
given such different environments.

this is also for a mobile phone service where we reliably can get a
uniqueID per user.

we need to prevent people forwarding URLs which is why we need to key
off the uniqueID

but I need to be able to go both ways, given the key. eg:

ruby.site.com/uri=1b2347ghjhsdgf

I can then decode this + with the users ID/key + send them on their way,
and also pack up URLs to send ppl back to the php page.

other suggestions are to put all the URLs in a DB + then check against
the userID/urlID key etc but i want to avoid DB access.

tx!

casper_the_ghost · October 29, 2006, 3:22pm

On 10/29/06, dc [email protected] wrote:

       res = Digest::SHA1.hexdigest(str)
whats the reverse of this,
and where is the key from?

SHA1 is, to my knowledge, not reversable.

J`ey
http://www.eachmapinject.com

casper_the_ghost · October 29, 2006, 4:01pm

On Sun, 29 Oct 2006, dc wrote:

is there a way to de-sha1 these hashed results to get the original data?
and to do the shash with a specific key?
all i could find was:
     res = Digest::SHA1.hexdigest(str)
whats the reverse of this,
and where is the key from?

No.

A hashing algorithm is a one way algorithm. You can’t get your original
data back from it.

we need to pass URLs back and forth from a ruby site to a PHP site. so
i was looking for a reasonably easy algorithm that would work for
both. I’ve had problems with blowfish on PHP giving different results
on different OSs. So i dont really want to risk something more obscure
given such different environments.

As I’ve mentioned, I’m doing this using a pure ruby crypto library found
on Rubyforge: http://rubyforge.org/projects/crypt/

but I need to be able to go both ways, given the key. eg:

ruby.site.com/uri=1b2347ghjhsdgf

I can then decode this + with the users ID/key + send them on their way,
and also pack up URLs to send ppl back to the php page.

If Rijndael(AES), Gost, or IDEA can work reliably via PHP, then you do
something like this:

irb(main):001:0> require ‘rubygems’
=> true

irb(main):002:0> require ‘crypt/rijndael’
=> true

irb(main):003:0> require ‘base64’
=> true

irb(main):004:0> require ‘cgi’
=> true

irb(main):005:0> uri = ‘uri=1b2347ghjhsdgf’
=> "uri=1b2347ghjhsdgf
"
irb(main):006:0> crypto = Crypt::Rijndael.new(‘I am a key’)
=> #<Crypt::Rijndael:0xb726dd9c @shiftIndex=0, @keyWords=8,
@blockWords=4,
…[snip]…

irb(main):007:0> encrypted_uri =
CGI.escape(Base64::encode64(crypto.encrypt_string(uri)))
=>
“Ai32bnCHRKW1xVEfjtNt63dSQRzRq8SPCSiS6gs9b9fgteBEBSFB%2BLRYdUD2%0AijDQ%0A”

irb(main):008:0> url = “ruby.site.com/#{encrypted_uri}”
=>
"ruby.site.com/Ai32bnCHRKW1xVEfjtNt63dSQRzRq8SPCSiS6gs9b9fgteBEBSFB%2BLRYdUD2 ijDQ "

Just reverse the steps to get the original data back:

irb(main):009:0> original =
crypto.decrypt_string(Base64::decode64(CGI.unescape(encrypted_uri)))
=> “uri=1b2347ghjhsdgf”

Kirk H.